Postgresql: plpython may be removed
Scott Chapman
scott_list at mischko.com
Wed Jun 18 17:36:21 EDT 2003
This thread is going on the Postgresql email list. It appears that support
for Python as a Postgresql scripting language will not last unless some
knowlegable folks can assist.
---------- Forwarded Message ----------
Subject: Re: [GENERAL] plpython? (Was: Re: Damn triggers and NEW)
Date: Wednesday 18 June 2003 07:32
From: Tom Lane <tgl at sss.pgh.pa.us>
To: "Jay O'Connor" <joconnor at cybermesa.com>
Cc: pgsql-general at postgresql.org
"Jay O'Connor" <joconnor at cybermesa.com> writes:
> At 06:42 AM 06/18/2003 +0200, you wrote:
>> We could change plpython to an untrusted language
>> if someone cares enough to develop a patch to remove the use of
>> rexec. Otherwise I fear we'll have to pull it.
>
> When you say "have to pull it" does that mean dropping plpython completely?
Yes. I can't see that we have any other alternative. The existing
plpython won't work at all with newer Python installations, and while
it'd still work with older ones, it has exactly the same security holes
that prompted the Python folk to pull rexec. That means it's foolish
to pretend that it can still be considered a trusted language. So
I feel we cannot just leave it sit there. Either somebody does the
legwork to convert it into an untrusted language that doesn't use rexec,
or it goes. And I don't think any of the core team has the time to do
that legwork. If there's no plpython user with the commitment to fix
it, it's history :-(. Any volunteers out there?
regards, tom lane
-------------------------------------------------------
More information about the Python-list
mailing list